From: philipp Date: Fri, 10 May 2019 22:14:57 +0000 (+0000) Subject: Implement authentification but don't enforce it yet. X-Git-Url: https://git.toastfreeware.priv.at/philipp/winterrodeln/wradmin.git/commitdiff_plain/2561340cc245aecfa1be64c2f8589c91411d5283 Implement authentification but don't enforce it yet. git-svn-id: http://www.winterrodeln.org/svn/wradmin/trunk@2818 7aebc617-e5e2-0310-91dc-80fb5f6d2477
---
diff --git a/setup.py b/setup.py
index 19633d8..a6123b6 100644
--- a/setup.py
+++ b/setup.py
@@ -14,6 +14,8 @@ setup(
 "paginate>=0.5.6",
 "wrpylib>=0.6.0",
 "Flask",
+ "Flask-Login",
+ "Flask-WTF",
 ],
 packages=['wradmin', 'wradmin.model', 'wradmin.controllers'],
 package_data={'wradmin': ['i18n/*/LC_MESSAGES/*.mo', 'templates/*', 'static/*']},
diff --git a/wradmin/__init__.py b/wradmin/__init__.py
index fba490d..ba056c1 100644
--- a/wradmin/__init__.py
+++ b/wradmin/__init__.py
@@ -1,4 +1,4 @@
-from flask import Flask, send_from_directory, abort, g, render_template
+from flask import Flask, send_from_directory, abort, g, render_template, request, redirect, url_for, flash
 from sqlalchemy.engine import create_engine
 import wradmin.model
 import wradmin.template_helper
@@ -6,12 +6,22 @@ from wradmin.controllers.rodelbahn import RodelbahnController from wradmin.controllers.gasthaus import GasthausController from wradmin.controllers.bericht import BerichtController from wradmin.controllers.coordtool import CoordtoolController +from wradmin.auth import password_is_correct +from wradmin.auth.forms import LoginForm +from flask_login import LoginManager, current_user, login_required, login_user, logout_user app = Flask(__name__) app.config.from_envvar('WRADMIN_SETTINGS') wradmin.model.init_model(create_engine(app.config['DATABASE_URI'])) app.jinja_env.globals.update(h=wradmin.template_helper.PylonsHelper()) +login_manager = LoginManager(app) +login_manager.login_view = "login" + + +@app.before_request +def _before_request(): + g.user = current_user @app.teardown_appcontext @@ -83,3 +93,31 @@ def coordtool_index(): @app.route("/coordtool/convert", methods=['POST']) def coordtool_convert(): return CoordtoolController().convert() + + +@app.route("/login", methods=['GET', 'POST']) +def login(): + form = LoginForm() + if form.validate_on_submit(): + user = wradmin.model.meta.Session.query(wradmin.model.MwUser).filter_by(user_name=form.user_name.data).first() + if user is not None and password_is_correct(form.password.data, user.user_password.decode()): + login_user(user, form.remember_me.data) + next = request.args.get('next') + if next is None or not next.startswith('/'): + next = url_for('index') + flash('Sie sind nun angemeldet.') + return redirect(next) + flash('Ungülter Benutzername oder ungültiges Passwort.') + return render_template('auth/login.html', form=form) + + +@app.route("/logout") +def logout(): + logout_user() + flash('Sie wurden ausgeloggt.') + return redirect(url_for('index')) + + +@login_manager.user_loader +def user_loader(user_id): + return wradmin.model.meta.Session.query(wradmin.model.MwUser).get(user_id) diff --git a/wradmin/auth/forms.py b/wradmin/auth/forms.py new file mode 100644 index 0000000..1d33ce9 
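Review bot: The `next` check in `login()` only tests `next.startswith('/')`, which also accepts values such as `//host/path` that browsers resolve as a protocol-relative URL to another site, so the post-login redirect can leave the application. Tighten the condition to `if next is None or not next.startswith('/') or next.startswith(('//', '/\\')):`, or parse the value with `urllib.parse.urlsplit` and require an empty scheme and netloc. Separately, `/logout` changes session state on a plain GET, so any third-party page can log a user out with an embedded link; accepting only POST with the Flask-WTF CSRF token would close that. The failure message `'Ungülter Benutzername …'` looks like a typo for `'Ungültiger'`.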
--- /dev/null +++ b/wradmin/auth/forms.py @@ -0,0 +1,10 @@ +from flask_wtf import FlaskForm +from wtforms import StringField, PasswordField, BooleanField, SubmitField +from wtforms.validators import DataRequired, Length, Email + + +class LoginForm(FlaskForm): + user_name = StringField('Winterrodeln-Benutzername', validators=[DataRequired(), Length(1, 255)]) + password = PasswordField('Winterrodeln-Passwort', validators=[DataRequired()]) + remember_me = BooleanField('Auf diesem Computer merken') + submit = SubmitField('Log In') diff --git a/wradmin/model/__init__.py b/wradmin/model/__init__.py index 112e437..355253d 100644 --- a/wradmin/model/__init__.py +++ b/wradmin/model/__init__.py @@ -17,6 +17,7 @@ wrinncache_table = wrmwdb.wrinncache_table(meta.metadata) page_table = mwdb.page_table(meta.metadata) revision_table = mwdb.revision_table(meta.metadata) text_table = mwdb.text_table(meta.metadata) +user_table = mwdb.user_table(meta.metadata) categorylinks_table = mwdb.categorylinks_table(meta.metadata) @@ -52,9 +53,25 @@ class MwText(object): pass +# MediaWiki user table +class MwUser: + def is_authenticated(self): + return False + + def is_active(self): + return True + + def is_anonymous(self): + return True + + def get_id(self): + return '1' + + orm.mapper(WrReport, wrreport_table) # We could add a relation but we don't need it yet: # orm.mapper(WrSledrunCache, wrsledruncache_table, properties = {'reports': orm.relation(WrReport, backref='sledding')}) orm.mapper(WrSledrunCache, wrsledruncache_table) orm.mapper(WrInnCache, wrinncache_table) orm.mapper(MwText, text_table) +orm.mapper(MwUser, user_table) diff --git a/wradmin/templates/auth/login.html b/wradmin/templates/auth/login.html new file mode 100644 index 0000000..aa83098 --- /dev/null +++ b/wradmin/templates/auth/login.html @@ -0,0 +1,15 @@ +{% extends "master.html" %} +{% block title %}Login{% endblock %} + +{% block content %} +
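Review bot: `MwUser.get_id()` returns the constant `'1'`, so `login_user()` stores the same id for every account and `user_loader` in `wradmin/__init__.py` will load the row with primary key 1 for any logged-in session, whoever actually authenticated. `is_authenticated()` returning False and `is_anonymous()` returning True also contradict a successfully logged-in user, and they are plain methods where Flask-Login 0.3 and later expects properties, so `current_user.is_authenticated` in `master.html` would evaluate a bound method (always truthy) rather than the returned value. If these are placeholders for the "not enforced yet" stage, say so in a comment on the class before `login_required` is applied anywhere. Otherwise derive the class from `flask_login.UserMixin` and override only `get_id` to return the mapped primary key as a string, presumably `return str(self.user_id)`; the column name comes from `mwdb.user_table`, which is not shown here.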

Login

+ +
+ {{ form.hidden_tag() }} +
{{ form.user_name.label }} {{ form.user_name() }}
+
{{ form.password.label }} {{ form.password() }}
+
{{ form.remember_me.label }} {{ form.remember_me }}
+
{{ form.submit() }}
+
+ +{% endblock %} diff --git a/wradmin/templates/master.html b/wradmin/templates/master.html index a64cd9e..76e7fc5 100644 --- a/wradmin/templates/master.html +++ b/wradmin/templates/master.html @@ -20,6 +20,11 @@
  • Rodelbahnen
  • Rodelbahnberichte
  • Gasthäuser
  • + {% if current_user.is_authenticated %} +
  • Logout
  • + {% else %} +
  • Login
  • + {% endif %} {% with messages = get_flashed_messages() %}